FBI Investigation Into Programmer For Freeing The Public Domain
from the an-exploit? dept
A bunch of folks have sent over the incredible story of how the FBI investigated well-known programmer Aaron Swartz, after discovering that he had installed a perl script on a computer at the 7th U.S. Circuit Court of Appeals library in Chicago, to cycle through PACER documents and upload them to an Amazon S3 account. Basically (as we've discussed in the past), court documents -- which are in the public domain -- are mostly locked up in the gov't's PACER system, which costs $0.08/page. However, since the documents are public domain, once you get them, you're free to do what you want with them. The Government Printing Office started an experiment last year, offering free access to PACER in certain libraries. Swartz just went to one and then installed his script to cycle through and upload those documents. The library's IT staff eventually noticed the issue (it took a few weeks) and alerted the FBI who began an investigation of Aaron, after Amazon handed over his info. While you can sorta understand why the FBI might look into why someone had installed a program on a court library computer, once it became clear that it was only accessing public domain documents, it seems pretty silly to have continued onward -- including driving by his home and considering a stakeout.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, fbi, investigation, pacer, public domain
Reader Comments
Subscribe: RSS
View by: Time | Thread
When you're a hammer
Standard FBI "procedure", just to dot the "i's" and cross the "t's". It's what they do, and are trained to do.
Honestly, he probably broke at least two Federal laws in placing an unauthorized piece of software on the computer. I'd bet that the only reason he isn't up on charges is they couldn't prove he had an intent to steal confidential content.
[ link to this | view in chronology ]
Re: When you're a hammer
So is this considered software? I could be sitting there doing the same thing either from the command line or using even less sophisticated methods. The script doesn't compile into a Binary, It's just flat text.
[ link to this | view in chronology ]
Re: Re: When you're a hammer
[ link to this | view in chronology ]
Re: Re: When you're a hammer
Yes.
Software is instruction directing the behavior of the computer. Whether they are compiled or interpreted is irrelevant, as is how complex or simple they are.
[ link to this | view in chronology ]
Re: When you're a hammer
[ link to this | view in chronology ]
Re: Re: When you're a hammer
I am in IT for a major Federal Agency, and I'd NEVER let something get placed in public that would allow software installation.
That said, even if negligently allowed, Federal law still forbids placing unauthorized software on a Federal system. What has probably kept him from being charged is that the law still requires some form of intent, and since he was accessing what he would have had access to freely anyway, it was most likely felt not worth the effort.
[ link to this | view in chronology ]
Re: When you're a hammer
[ link to this | view in chronology ]
[ link to this | view in chronology ]
silly situation, dubious response, ridiculous counter response, no apparent significant harm done [yet?]
business as usual in the world of humanity, really... especially government.
though i do see the point.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Now, what should be done.
Fire the IT department in charge of that library system.
1). he should NEVER have had access to place a scheduled job that machine.
2). He should NEVER had access to place software of ANY KIND on that machine.
[ link to this | view in chronology ]
Whats the Issue Here?
Actually I hope he should have to pay fines for illegal use of government equipment and the FBI should take all his computer equipment away from him.
The issue is not with the data he was accessing, but that he modified a system that he had no right to modify.
[ link to this | view in chronology ]
Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Whats the Issue Here?
surely a telling off, maybe a ban from public computers (ie libraries etc) would be more appropriate than wasting even more govmnt resources on meaningless punishments. it has probably cost the FBI silly money already just investigating this. to then go on and prosecute him and/or sieze equipment would cost even more.
or maybe im wrong. maybe the FBI and US government should continue to waste money chasing ridiculous issues rather than focusing on the IMPORTANT things like... um... i dont know the US crime rate... terrorism... the pointless, fruitless war their currently involved in... to name but a few.
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Re: Re: Whats the Issue Here?
Yes, automating a search of public domain documents is exactly like nuking a country or three.
[ link to this | view in chronology ]
Re: Re: Re: Re: Whats the Issue Here?
If the end justifies the means and in the end you want to do something faster, better and cheaper then the folowing actions produce the same results...
1)Automating the search of public database is faster, better and cheaper than doing it manually, especially if you need 18 million pages of results.
2)Nuking three countries is faster, better, and cheaper then sending troops to kill 18 million people.
[ link to this | view in chronology ]
Re: Re: Re: Re: Whats the Issue Here?
Oh why even take it that far? Why not just pompously point out that his ends suck?
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Whats the Issue Here?
The problem is, though, he didn't modify the system.
By definition, he never touched the original source, altered its performance, or prevented others from accessing the same.
If anything, he enhanced the system by introducing additional scripting to benefit the results which would be no different than running the current version. It just did it faster.
In addition, there's absolutely no reason why Aaron should be a target to a system that allowed the introduction of the script to begin with.
It was, by my additional reading, pretty evident such code addition wasn't frowned upon to which expert skills were needed to add the script in the first place (re: hacking).
Hell, even Techdirt's comment posting scrubbing removes possible injection code. To think this system wouldn't is the fault of the code owner, not its users.
I'd agree with you if actions were taken to which Aaron hacked to modify, but this is not the case here.
In other words: Taxpayer dollars were wasted over the stupidity of the software developer as not to block such things in the first place.
The scapegoat being Aaron, and unjust at that.
So, by your logic, the FBI should have its computers removed for arbitrarily using its software to find Aaron's home address, given there were misuses by the FBI because of inaccurate "hacking" allegations.
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
a script that constantly searches for certain documents and uploads them, that does not affect performance?
My understanding is that PACER documents are requests, 18 million pages over a few weeks probably leaves some footprints.
[ link to this | view in chronology ]
Re: Re: Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Re: Re: Re: Whats the Issue Here?
What surprises me is that it was open to installing software. Something like "Windows Steady State" would be a good option for them.
[ link to this | view in chronology ]
Re: Re: Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
"In addition, there's absolutely no reason why Aaron should be a target to a system that allowed the introduction of the script to begin with."
Your kidding right? I hope you leave your car unlocked and someone makes enhancements to it so no keys are needed. Then they should take it on a joy ride. When the joy ride is over and he uses your logic to justify he actions I will be there laughing at you.
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
he didn't enhance the system, he modified it without permission.
[ link to this | view in chronology ]
Re: Re: Re: Whats the Issue Here?
Explain to me how you use a computer without modifying it. Think it through.
[ link to this | view in chronology ]
Re: Re: Re: Re: Whats the Issue Here?
Using a computer with the methods and for the means it was intended to be used does not constitute "modification".
If you change the behavior, even if it's only automating a task, you have now satisfied the definition of modification. He changed the method in which the computer was used via a script. Therefore, he "modified" it's behavior.
Anyone who deals with legal when doing any type of forensics or pen testing will attest to these definitions.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Whats the Issue Here?
You're almost there. Keep thinking.
[ link to this | view in chronology ]
Re: Re: Re: Whats the Issue Here?
This statement from you has as much value as toilet paper once it has served its purpose.
Once again, he did not modify a damn thing. Modification means the original programming was tampered with.
This did not occur. But given you're going around calling people idiots, I can see how understanding this is a challenge for you.
[///M]The drive lost some storage capacity since the script was introduced to the system thus reducing it original capabilities.
Tell me you're not serious. The script's impact to drive space was so negligible, it took weeks to discover.
[iamtheky]a script that constantly searches for certain documents and uploads them, that does not affect performance?
As opposed to many users hitting the same system at the same time? Sorry, but the math doesn't add up.
If anything, the scripting would actually improve performance, not hinder it.
In this instance, the PACER folks should be thanking Aaron by providing a faster way to give people what they want.
Less time on the system provides better performance than 20 people looking up individual records.
I get most people aren't in the IT field, but even common sense should be applied here.
For those that don't get it: A debit card is faster at a checkout than is writing a check. Aaron just supplied the card reader.
[ link to this | view in chronology ]
Re: Whats the Issue Here?
[ link to this | view in chronology ]
Re: Re: Whats the Issue Here?
[ link to this | view in chronology ]
Standard Operating Procedure(s)
People are really WANTING to blow this out of proportion but this time folks, I'm sorry. The FBI did its mandate. They did not abuse any of their powers and nothing they did seems unusual in the slightest way.
Hindsight is a wonderful thing. Just be sure you look at the full picture and not just the parts you like...
[ link to this | view in chronology ]
Whoa! Dude....
Now, the fact that Pacer is/was charging for PUBLIC DOMAIN documents is outrageous/illegal/immoral/just-plain-wrong.
[ link to this | view in chronology ]
Re: Whoa! Dude....
Even though this guy was trying to do something good that does not make his actions okay. Last I checked there is no exclusion for Robin Hood in the law.
At the same time, its lame that Public Domain documents, which the people already paid for once in taxes, have a per page cost.
This whole thing falls under the 'two wrongs do not make a right' category.
[ link to this | view in chronology ]
Nothing to see here
Joel Coehoorn - ASP.Net MVP
[ link to this | view in chronology ]
Re: Nothing to see here
[ link to this | view in chronology ]
1.5 million imaginary dollars!
"The two accounts were responsible for downloading more than eighteen million pages with an approximate value of $1.5 million."
1.5 million dollars of public domain information! And we had to pay for the investigation!
Now that they have investigated him, they should hand all of the PACER data over to him and shut the system down. I guarantee the PACER system is losing money, and Aaron did it all for free.
[ link to this | view in chronology ]
Re: 1.5 million imaginary dollars!
"The Government Printing Office started an experiment last year, offering free access to PACER in certain libraries. Swartz just went to one and then installed his script to cycle through and upload those documents."
Even if he sat in front of the computer in question he would not have been charged per page as it was all free.
[ link to this | view in chronology ]
Good point :)
[ link to this | view in chronology ]
and for the morons that think just because it wasn't protected properly, makes it not his fault. OK...next time you leave your door open to throw out the garbage, I hope some one walks in behind your back and steals your TV, Same bone head logic.
just because the IT op was a bone head, doesnt make Arron any less of a bone head. Should he be shot? NO. Should he be penalized? yes.
[ link to this | view in chronology ]
Re:
You are invited to use the library's computer and uploading the documents is legal. The only quirk in the discussion is the method he used to upload the documents (a script vs manually).
You are not invited to enter a private property just because the door is unlocked, your presence there is illegal (tresspassing) and stealing a TV is illegal.
[ link to this | view in chronology ]
Re:
Someone who could do that is probably able to start from scratch and send out something more sensitive, if something more sensitive isn't locked down. The existence of the original script would be irrelevant.
[ link to this | view in chronology ]
Re:
What if someone came after him and threw the computer at a librarian's head? Huh? What then?!
[ link to this | view in chronology ]
The computer was setup to be accessible by the public, it has an internet connection, and it didn't restrict the execution of scripts. Uploading 1 document wouldn't have even raised an eyebrow, it's quite legal.
Unless there are other rules about the use of the computer (probable) then he did nothing wrong. It's unreasonable to expect him to 'guess' what the proper non-harmful use of a public computer is for each institution.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I can see why they might be *interested*, but I like to think of the FBI as having a frakin' clue about the shit they investigate, and that they would be the kind of people to be able to read a script and realize that downloading public documents is not a crime.
But, I'm old-fashioned like that, and don't like to think of the Feds as a bunch of moronic trigger-happy gym bunnies.
[ link to this | view in chronology ]